With the rapid development of Internet technology and the popularization of multicast, group-oriented applications, such as video conference, network games, and video on demand, etc., play more and more important roles. Secure group communication becomes an important research aspect. The secure group communication with hierarchical access control relates to a group with a series of subgroups having different access permissions, higher level subgroups receive and decrypt the information sent by its descendant subgroups (direct or indirect), but not vice versa. For the hierarchical access control based on cryptography, the higher level subgroups can obtain/derive the communication key of its descendant subgroups directly or indirectly, while the lower level subgroups can not derive the communication keys of its ancestor subgroups.
Normally, hierarchical access control has the following settings: (1) hierarchical relationship can be represented by Directed Acyclic Graph (DAG); (2) a central controller (CC) is used to manage the hierarchical relationship, and calculate and distribute the keys; (3) in the DAG, each node represents a set of users, and each node is called a subgroup; (4) each subgroup has a subgroup controller (SC) for distributing the subgroup key to each subgroup member; (5) between CC and SC, there is a secure channel for secure communication when the initialization of system or a new subgroup joins in the group; (6) in each subgroup, there is a secure key management scheme for implementing the key management in the subgroup.
These days, there are various approaches in the hierarchical access control. The typical schemes include Akl-Taylor scheme, Lin scheme, Sandhu scheme, Chinese Remainder Theorem (CRT) scheme, etc.
The Akl-Taylor scheme is a key directly dependent scheme based on one-way function. The key of a descendant subgroup is generated by the key of its ancestor subgroup via the one-way function, and the ancestor subgroup can calculate the key of its descendant subgroup directly while the descendant subgroup can not select the key of its own. The advantage of this scheme is that all the nodes do not need to memorize the hierarchical structure, and only have to store the key of its own. The disadvantage of this scheme is that the hierarchical structure is static, and a small variation in the structure will result in the update of all the nodes in the hierarchical structure.
There are also other schemes such as Mackinnon scheme, Chick and Tavares scheme and so on, which can be regarded as the improvements to the Akl-Taylor scheme.
The Lin scheme is a key indirectly dependent scheme based on one-way function. The key of a descendant subgroup is independent of the key of its ancestor subgroup, and the ancestor subgroup can derive the key of its descendant subgroup indirectly. The advantage of this scheme is that the descendant subgroups can change the key independently without affecting the key of the other subgroups. The disadvantage of this scheme is that the subgroups have to memorize the entire hierarchical structure, at least all its descendant subgroups. Furthermore, some auxiliary variables for deriving the keys of the descendant subgroups have to be stored.
The Sandhu scheme is based on the tree structure in which each node has a name. The root node of the tree selects a key randomly, and the key of each other node is obtained by encrypting its name with the key of its ancestor subgroup. A subgroup can obtain the keys of its descendant subgroups by encryption, while a descendant subgroup can not calculate the key of its ancestor subgroup. The advantage of this scheme is that each subgroup only needs to store the information of its own, and the change of the level of a subgroup will only affect the key update of its descendant subgroups. The disadvantage of this scheme is that the subgroups have to memorize some group information, and at least the group information of all its descendant subgroups, and it is only adapted for hierarchical model with tree structure.
In the CRT scheme, the hierarchical structure is hidden in a constructed CRT variable by CRT algorithm, and all ancestor subgroups of a subgroup can calculate the key of this subgroup, while this subgroup can not know which subgroups are its ancestor subgroups. The ancestor subgroups do not know the specific path to the subgroup either, and can only calculate its key. This scheme provides good security, but the disadvantage is that the cost to compute the CRT variable is very large, and it grows proportionally as the number of subgroups increases, and thereby the scalability of the scheme is not good enough.